March 2005
Red Hat - Four Security Advisories
ID: 00240
Ref: 219/2005
Date: 24 March 2005:12:26:36
Version: 1
Title: Red Hat - Four Security Advisories
Abstract:
Vendors affected: Red Hat
Operating systems affected: Red Hat
Applications affected: Red Hat
Title
=====
Red Hat - Four Security Advisories:
1. Critical: mozilla security update [RHSA-2005:323-01]
2. Critical: mozilla security update [RHSA-2005:335-01]
3. Critical: firefox security update [RHSA-2005:336-01]
4. Critical: thunderbird security update [RHSA-2005:337-01]
Detail
======
Security Advisory Summaries:
1. Updated mozilla packages that fix various bugs are now available.
CVE Names: CAN-2004-0906 CAN-2004-1380 CAN-2004-1613
CAN-2005-0141 CAN-2005-0144 CAN-2005-0147
CAN-2005-0149 CAN-2005-0232 CAN-2005-0399
2. Updated mozilla packages that fix various bugs are now available.
CVE Names: CAN-2004-1380 CAN-2005-0141 CAN-2005-0142
CAN-2005-0143 CAN-2005-0144 CAN-2005-0146
CAN-2005-0149 CAN-2005-0399 CAN-2005-0401
3. Updated firefox packages that fix various bugs are now available.
A buffer overflow bug was found in the way Firefox processes GIF
images. A bug was found in the way Firefox processes XUL content.
A bug was found in the way Firefox bookmarks content to the sidebar.
CVE Names: CAN-2005-0399 CAN-2005-0401 CAN-2005-0402
4. Updated thunderbird packages that fix various bugs are now available.
A buffer overflow bug was found in the way Thunderbird processes GIF
images. A bug was found in the Thunderbird string handling functions.
CVE Names: CAN-2005-0399 CAN-2005-0255
Security Advisory Content Follows:
1.
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - ---------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Critical: mozilla security update
Advisory ID: RHSA-2005:323-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-323.html
Issue date: 2005-03-23
Updated on: 2005-03-23
Product: Red Hat Enterprise Linux
CVE Names: CAN-2004-0906 CAN-2004-1380 CAN-2004-1613 CAN-2005-0141
CAN-2005-0144 CAN-2005-0147 CAN-2005-0149 CAN-2005-0232
CAN-2005-0399
- - ---------------------------------------------------------------------
1. Summary:
Updated mozilla packages that fix various bugs are now available.
This update has been rated as having critical security impact by the Red
Hat Security Response Team.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64
3. Problem description:
Mozilla is an open source Web browser, advanced email and newsgroup client,
IRC chat client, and HTML editor.
A buffer overflow bug was found in the way Mozilla processes GIF images. It
is possible for an attacker to create a specially crafted GIF image, which
when viewed by a victim will execute arbitrary code as the victim. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2005-0399 to this issue.
A bug was found in the way Mozilla displays dialog windows. It is possible
that a malicious web page which is being displayed in a background tab
could present the user with a dialog window appearing to come from the
active page. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-1380 to this issue.
A bug was found in the way Firefox allowed plug-ins to load privileged
content into a frame. It is possible that a malicious webpage could trick a
user into clicking in certain places to modify configuration settings or
execute arbitrary code. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-0232 to this issue.
A bug was found in the way Mozilla Mail handles cookies when loading
content over HTTP regardless of the user's preference. It is possible that
a particular user could be tracked through the use of malicious mail
messages which load content over HTTP. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2005-0149 to
this issue.
A bug was found in the way Mozilla responds to proxy auth requests. It is
possible for a malicious webserver to steal credentials from a victim's
browser by issuing a 407 proxy authentication request. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2005-0147 to this issue.
A bug was found in the way Mozilla handles certain start tags followed by a
NULL character. A malicious web page could cause Mozilla to crash when
viewed by a victim. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-1613 to this issue.
A bug was found in the way Mozilla sets file permissions when installing
XPI packages. It is possible for an XPI package to install some files
world readable or writable, allowing a malicious local user to steal
information or execute arbitrary code. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0906 to
this issue.
A bug was found in the way Mozilla loads links in a new tab which are
middle clicked. A malicious web page could read local files or modify
privileged chrome settings. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-0141 to this issue.
A bug was found in the way Mozilla displays the secure site icon. A
malicious web page can use a view-source URL targeted at a secure page,
while loading an insecure page, yet the secure site icon shows the previous
secure state. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-0144 to this issue.
Users of Mozilla are advised to upgrade to this updated package which
contains Mozilla version 1.4.4 and additional backported patches to correct
these issues.
4. Solution:
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:
up2date
For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:
http://www.redhat.com/docs/manuals/enterprise/
5. Bug IDs fixed (http://bugzilla.redhat.com/):
145597 - CAN-2005-0141 Link opened in new tab can load a local file
145609 - CAN-2005-0144 Secure site lock can be spoofed with view-source:
145610 - CAN-2004-1380 Input stealing from other tabs (CAN-2004-1381)
145614 - CAN-2005-0147 Browser responds to proxy auth request from non-proxy
server (ssl/https)
145615 - CAN-2005-0149 Mail responds to cookie requests
151209 -
151492 - CAN-2004-1613 Mozilla start tag NULL character DoS
151494 - CAN-2004-0906 Mozilla XPI installer insecure file creation
151496 - CAN-2005-0232 fireflashing vulnerability (CAN-2005-0527)
6. RPMs required:
Red Hat Enterprise Linux AS (Advanced Server) version 2.1:
SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/galeon-1.2.13-6.2.1.src.rpm
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/mozilla-1.4.4-1.2.3.src.rpm
Red Hat Linux Advanced Workstation 2.1:
SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/galeon-1.2.13-6.2.1.src.rpm
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/mozilla-1.4.4-1.2.3.src.rpm
Red Hat Enterprise Linux ES version 2.1:
SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/galeon-1.2.13-6.2.1.src.rpm
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/mozilla-1.4.4-1.2.3.src.rpm
Red Hat Enterprise Linux WS version 2.1:
SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/galeon-1.2.13-6.2.1.src.rpm
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/mozilla-1.4.4-1.2.3.src.rpm
Red Hat Enterprise Linux AS version 3:
SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/mozilla-1.4.4-1.3.5.src.rpm
Red Hat Desktop version 3:
SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/mozilla-1.4.4-1.3.5.src.rpm
Red Hat Enterprise Linux ES version 3:
SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/mozilla-1.4.4-1.3.5.src.rpm
Red Hat Enterprise Linux WS version 3:
SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/mozilla-1.4.4-1.3.5.src.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
7. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0906
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1380
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1613
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0141
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0144
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0147
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0149
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0232
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0399
8. Contact:
The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/
Copyright 2005 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQFCQcQtXlSAg2UNWIIRAg9mAJ0T+nLXBdRjgJfJYTwUQxx4pVsA7ACeMzDk
FsQmZHXhbe4lHygqQLwEqwo=
=nd1R
- -----END PGP SIGNATURE-----
- --
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
2.
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - ---------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Critical: mozilla security update
Advisory ID: RHSA-2005:335-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-335.html
Issue date: 2005-03-23
Updated on: 2005-03-23
Product: Red Hat Enterprise Linux
CVE Names: CAN-2004-1380 CAN-2005-0141 CAN-2005-0142 CAN-2005-0143 CAN-2005-0144 CAN-2005-0146 CAN-2005-0149 CAN-2005-0399 CAN-2005-0401
- - ---------------------------------------------------------------------
1. Summary:
Updated mozilla packages that fix various bugs are now available.
This update has been rated as having critical security impact by the Red
Hat Security Response Team.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
3. Problem description:
Mozilla is an open source Web browser, advanced email and newsgroup client,
IRC chat client, and HTML editor.
A buffer overflow bug was found in the way Mozilla processes GIF images. It
is possible for an attacker to create a specially crafted GIF image, which
when viewed by a victim will execute arbitrary code as the victim. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2005-0399 to this issue.
A bug was found in the way Mozilla responds to proxy auth requests. It is
possible for a malicious webserver to steal credentials from a victim's
browser by issuing a 407 proxy authentication request. (CAN-2005-0147)
A bug was found in the way Mozilla displays dialog windows. It is possible
that a malicious web page which is being displayed in a background tab
could present the user with a dialog window appearing to come from the
active page. (CAN-2004-1380)
A bug was found in the way Mozilla Mail handles cookies when loading
content over HTTP regardless of the user's preference. It is possible that
a particular user could be tracked through the use of malicious mail
messages which load content over HTTP. (CAN-2005-0149)
A flaw was found in the way Firefox displays international domain names. It
is possible for an attacker to display a valid URL, tricking the user into
thinking they are viewing a legitimate webpage when they are not.
(CAN-2005-0233)
A bug was found in the way Firefox handles pop-up windows. It is possible
for a malicious website to control the content in an unrelated site's
pop-up window. (CAN-2004-1156)
A bug was found in the way Mozilla saves temporary files. Temporary files
are saved with world readable permissions, which could allow a local
malicious user to view potentially sensitive data. (CAN-2005-0142)
A bug was found in the way Mozilla handles synthetic middle click events.
It is possible for a malicious web page to steal the contents of a victim's
clipboard. (CAN-2005-0146)
A bug was found in the way Mozilla processes XUL content. If a malicious
web page can trick a user into dragging an object, it is possible to load
malicious XUL content. (CAN-2005-0401)
A bug was found in the way Mozilla loads links in a new tab which are
middle clicked. A malicious web page could read local files or modify
privileged chrome settings. (CAN-2005-0141)
A bug was found in the way Mozilla displays the secure site icon. A
malicious web page can use a view-source URL targeted at a secure page,
while loading an insecure page, yet the secure site icon shows the previous
secure state. (CAN-2005-0144)
A bug was found in the way Mozilla displays the secure site icon. A
malicious web page can display the secure site icon by loading a binary
file from a secured site. (CAN-2005-0143)
A bug was found in the way Firefox displays the download dialog window. A
malicious site can obfuscate the content displayed in the source field,
tricking a user into thinking they are downloading content from a trusted
source. (CAN-2005-0585)
Users of Mozilla are advised to upgrade to this updated package which
contains Mozilla version 1.7.6 to correct these issues.
4. Solution:
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:
up2date
For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:
http://www.redhat.com/docs/manuals/enterprise/
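Added example, not part of the Red Hat advisories: a patch-level check that compares a package inventory against the fixed builds named under "RPMs required" in the two advisories on this page. The inventory format, host names and installed versions are constructed for illustration, the release labels "2.1", "3" and "4" are this example's own, and package epochs are ignored because the advisories do not list them.

```python
import re

# Fixed builds taken from the "RPMs required" sections of the advisories on
# this page. The keys "2.1", "3" and "4" are labels chosen for this example.
FIXED_BUILDS = {
    "2.1": {"mozilla": "1.4.4-1.2.3", "galeon": "1.2.13-6.2.1"},
    "3": {"mozilla": "1.4.4-1.3.5"},
    "4": {"mozilla": "1.7.6-1.4.1", "devhelp": "0.9.2-2.4.3",
          "evolution": "2.0.2-14"},
}

# Constructed sample inventory, one package per line:
#   host  release  package  version-release
# The last two columns match `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'`.
SAMPLE_INVENTORY = """\
web01 3 mozilla 1.4.3-3.0.7
web01 3 mozilla-nss 1.4.4-1.3.5
desk07 4 mozilla-mail 1.7.3-17
desk07 4 evolution 2.0.2-14
build02 2.1 galeon 1.2.13-6.2.1
build02 2.1 mozilla 1.4.4-1.2.3
desk09 4 devhelp 0.9.2-2.4.1
desk09 4 bash 3.0-19.2
"""

_SEGMENT = re.compile(r"\d+|[A-Za-z]+")


def vercmp(a, b):
    """Compare two version (or release) strings segment by segment.

    Follows the classic rpm ordering: runs of digits compare as integers,
    runs of letters compare as strings, a numeric segment is newer than an
    alphabetic one, and the string with segments left over is newer.
    Returns -1, 0 or 1. Tilde and caret handling is not implemented.
    """
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return -1 if int(x) < int(y) else 1
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        elif x != y:
            return -1 if x < y else 1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def build_cmp(a, b):
    """Compare 'version-release' strings: version first, then release."""
    va, _, ra = a.partition("-")
    vb, _, rb = b.partition("-")
    return vercmp(va, vb) or vercmp(ra, rb)


def fixed_build_for(release, package):
    """Return the fixed build for a package, or None if it is not covered.

    Sub-packages such as mozilla-nss-devel share the build of their source
    package, so trailing '-suffix' parts are stripped until a match is found.
    """
    table = FIXED_BUILDS.get(release, {})
    name = package
    while name:
        if name in table:
            return table[name]
        name = name.rpartition("-")[0]  # "" once no dash is left
    return None


def audit(inventory):
    """Return (host, package, installed, fixed) for every outdated package."""
    findings = []
    for line in inventory.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip blank or malformed lines
        host, release, package, installed = fields
        fixed = fixed_build_for(release, package)
        if fixed is not None and build_cmp(installed, fixed) < 0:
            findings.append((host, package, installed, fixed))
    return findings


if __name__ == "__main__":
    for host, package, installed, fixed in audit(SAMPLE_INVENTORY):
        print(f"{host}: {package} {installed} is older than fixed build {fixed}")
```
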
5. Bug IDs fixed (http://bugzilla.redhat.com/):
142508 -
144228 -
146188 - CAN-2005-0141 multiple mozilla issues CAN-2004-1316 CAN-2005-0142 CAN-2005-0143 CAN-2005-0144 CAN-2004-1380 CAN-2004-1381 CAN-2005-0146 CAN-2005-0147 CAN-2005-0149
147397 - homograph spoofing
150866 -
151730 -
6. RPMs required:
Red Hat Enterprise Linux AS version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/devhelp-0.9.2-2.4.3.src.rpm
ef655aef074fe9d1bb2d4275e18a30c3 devhelp-0.9.2-2.4.3.src.rpm
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/evolution-2.0.2-14.src.rpm
796caefedf5087511b137f14512aafa3 evolution-2.0.2-14.src.rpm
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/mozilla-1.7.6-1.4.1.src.rpm
2822baa29d8d22062fd1e314fec1c084 mozilla-1.7.6-1.4.1.src.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
7. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1380
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0141
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0142
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0143
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0144
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0146
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0149
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0399
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0401
8. Contact:
The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/
Copyright 2005 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQFCQcRCXlSAg2UNWIIRAgndAKDBSEUWIb++fF5Vo4McyLCcia4cEACgxN7B
+SeKSB2012ttbFp6NE7Dx54=
=mCW0
- -----END PGP SIGNATURE-----
- --
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-list
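Each advisory on this page pairs an MD5 checksum with every package file name under "RPMs required" and states that the packages are GPG signed. One way to check a directory of downloaded RPMs against such a list, as an added example that is not part of the Red Hat advisory: the function names, file names and file contents are constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# One checksum entry as printed in the advisories: "<32 hex digits> <file>.rpm".
ENTRY = re.compile(r"^([0-9a-fA-F]{32})\s+(\S+\.rpm)$")


def parse_manifest(text):
    """Return {file name: expected MD5} from pasted advisory text.

    Product and architecture headers and the ftp:// URLs are skipped. A file
    may be listed once per product; a repeat carrying a different digest
    means the pasted copy is damaged or altered, so it is rejected.
    """
    expected = {}
    for line in text.splitlines():
        match = ENTRY.match(line.strip())
        if not match:
            continue
        digest, name = match.group(1).lower(), match.group(2)
        if expected.setdefault(name, digest) != digest:
            raise ValueError(f"conflicting digests listed for {name}")
    return expected


def md5_of(path, chunk=1 << 20):
    """Hash a file in chunks so large RPMs are not read into memory at once."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def check_downloads(manifest_text, directory):
    """Return {file name: "ok" | "mismatch" | "unlisted"} for each *.rpm found.

    Only files present in the directory are reported: the advisory lists every
    architecture, so most listed files are legitimately absent on one host.
    """
    expected = parse_manifest(manifest_text)
    report = {}
    for path in sorted(Path(directory).glob("*.rpm")):
        want = expected.get(path.name)
        if want is None:
            report[path.name] = "unlisted"   # not covered by this advisory
        elif md5_of(path) == want:
            report[path.name] = "ok"
        else:
            report[path.name] = "mismatch"   # corrupted, truncated or replaced
    return report


def demo():
    """Run the check on constructed files; names and contents are made up."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        (tmp / "example-1.0-1.i386.rpm").write_bytes(b"intact payload")
        (tmp / "example-devel-1.0-1.i386.rpm").write_bytes(b"truncated pay")
        (tmp / "unrelated-2.0-1.i386.rpm").write_bytes(b"not in advisory")
        good = hashlib.md5(b"intact payload").hexdigest()
        full = hashlib.md5(b"full payload").hexdigest()
        manifest = "\n".join([
            "Example Product version 4:",
            "i386:",
            good + " example-1.0-1.i386.rpm",
            full + " example-devel-1.0-1.i386.rpm",
            "x86_64:",
            good + " example-1.0-1.i386.rpm",  # repeated entry, same digest
        ])
        return check_downloads(manifest, tmp)


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{status:9} {name}")
```

A matching MD5 only shows that the download is intact; the origin of a package is established by its GPG signature, which `rpm --checksig <file>` checks against the imported Red Hat key.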
3.
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - ---------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Critical: firefox security update
Advisory ID: RHSA-2005:336-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-336.html
Issue date: 2005-03-23
Updated on: 2005-03-23
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-0399 CAN-2005-0401 CAN-2005-0402
- - ---------------------------------------------------------------------
1. Summary:
Updated firefox packages that fix various bugs are now available.
This update has been rated as having critical security impact by the Red
Hat Security Response Team.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
3. Problem description:
Mozilla Firefox is an open source Web browser.
A buffer overflow bug was found in the way Firefox processes GIF images. It
is possible for an attacker to create a specially crafted GIF image, which
when viewed by a victim will execute arbitrary code as the victim. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2005-0399 to this issue.
A bug was found in the way Firefox processes XUL content. If a malicious
web page can trick a user into dragging an object, it is possible to load
malicious XUL content. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-0401 to this issue.
A bug was found in the way Firefox bookmarks content to the sidebar. If a
user can be tricked into bookmarking a malicious web page into the sidebar
panel, that page could execute arbitrary programs. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2005-0402 to this issue.
Users of Firefox are advised to upgrade to this updated package which
contains Firefox version 1.0.2 and is not vulnerable to these issues.
4. Solution:
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:
up2date
For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:
http://www.redhat.com/docs/manuals/enterprise/
5. Bug IDs fixed (http://bugzilla.redhat.com/):
150877 -
151153 -
151714 -
6. RPMs required:
Red Hat Enterprise Linux AS version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/firefox-1.0.2-1.4.1.src.rpm
b4d2d6699d60086f14232a1d1c58b027 firefox-1.0.2-1.4.1.src.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
7. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0399
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0401
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0402
8. Contact:
The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/
Copyright 2005 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQFCQcRXXlSAg2UNWIIRArYAAKCbFlu9WfrSjhj0vXD9z2xbTIbvbACeMH0Z
5Hfe9lYJXrLCmCqm8SGdJhU=
=vBa6
- -----END PGP SIGNATURE-----
4.
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - ---------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Critical: thunderbird security update
Advisory ID: RHSA-2005:337-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-337.html
Issue date: 2005-03-23
Updated on: 2005-03-23
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-0399 CAN-2005-0255
- - ---------------------------------------------------------------------
1. Summary:
Updated thunderbird packages that fix various bugs are now available.
This update has been rated as having critical security impact by the Red
Hat Security Response Team.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
3. Problem description:
Mozilla Thunderbird is a standalone mail and newsgroup client.
A buffer overflow bug was found in the way Thunderbird processes GIF
images. It is possible for an attacker to create a specially crafted GIF
image, which when viewed by a victim will execute arbitrary code as the
victim. The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2005-0399 to this issue.
A bug was found in the Thunderbird string handling functions. If a
malicious website is able to exhaust a system's memory, it becomes possible
to execute arbitrary code. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-0255 to this issue.
Users of Thunderbird are advised to upgrade to this updated package which
contains Thunderbird version 1.0.2 and is not vulnerable to these issues.
4. Solution:
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:
up2date
For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:
http://www.redhat.com/docs/manuals/enterprise/
5. Bug IDs fixed (http://bugzilla.redhat.com/):
149883 - CAN-2005-0255 Memory overwrite in string library
150874 -
6. RPMs required:
Red Hat Enterprise Linux AS version 4:
SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/thunderbird-1.0.2-1.4.1.src.rpm
4fd64e091c9b224ac6b1ec2e2389b3b8 thunderbird-1.0.2-1.4.1.src.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
7. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0399
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0255
8. Contact:
The Red Hat security contact is . More contact
details at https://www.redhat.com/security/team/contact/
Copyright 2005 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQFCQcRoXlSAg2UNWIIRArbwAJ0UVlLmoeYdu19S4aTOCMlqEFTcXQCfTzk3
mwJ+o5TtRS7EbSDIv3G6yoE=
=vHKX
- -----END PGP SIGNATURE-----